PowerWare - Locky's silly brother-in-law

July 25, 2016

Palo Alto's researchers have created a decrypter for the variant of the PoshCoder ransomware that imitates the Locky ransomware. Dubbed PowerWare by the researchers, the malware adds the “.locky” filename extension to encrypted files, uses the same ransom note as Locky, and its payment/decryption page also mentions the infamous ransomware. It targets and encrypts an exceptionally wide variety of files. The poor encryption scheme has allowed researcher Josh Grunzweig to create the decrypter but, unfortunately, he has currently provided it to victims in the form of a Python script, and most users won’t know how to run it.

They can try following these instructions on Python.com on how to run a Python script on Windows, or ask someone more knowledgeable to help them clean their machine up.